Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Federated Learning under Attack: Improving Gradient Inversion for Batch of Images

Luiz Leite, Yuri Santo, Bruno L. Dalmazo, André Riker

TL;DR

This paper presents an approach, called Deep Leakage from Gradients with Feedback Blending (DLG-FB), which is able to improve the inverting gradient attack, considering the spatial correlation that typically exists in batches of images.

Abstract

Federated Learning (FL) has emerged as a machine learning approach able to preserve the privacy of user's data. Applying FL, clients train machine learning models on a local dataset and a central server aggregates the learned parameters coming from the clients, training a global machine learning model without sharing user's data. However, the state-of-the-art shows several approaches to promote attacks on FL systems. For instance, inverting or leaking gradient attacks can find, with high precision, the local dataset used during the training phase of the FL. This paper presents an approach, called Deep Leakage from Gradients with Feedback Blending (DLG-FB), which is able to improve the inverting gradient attack, considering the spatial correlation that typically exists in batches of images. The performed evaluation shows an improvement of 19.18% and 48,82% in terms of attack success rate and the number of iterations per attacked image, respectively.

Federated Learning under Attack: Improving Gradient Inversion for Batch of Images

TL;DR

This paper presents an approach, called Deep Leakage from Gradients with Feedback Blending (DLG-FB), which is able to improve the inverting gradient attack, considering the spatial correlation that typically exists in batches of images.

Abstract

Federated Learning (FL) has emerged as a machine learning approach able to preserve the privacy of user's data. Applying FL, clients train machine learning models on a local dataset and a central server aggregates the learned parameters coming from the clients, training a global machine learning model without sharing user's data. However, the state-of-the-art shows several approaches to promote attacks on FL systems. For instance, inverting or leaking gradient attacks can find, with high precision, the local dataset used during the training phase of the FL. This paper presents an approach, called Deep Leakage from Gradients with Feedback Blending (DLG-FB), which is able to improve the inverting gradient attack, considering the spatial correlation that typically exists in batches of images. The performed evaluation shows an improvement of 19.18% and 48,82% in terms of attack success rate and the number of iterations per attacked image, respectively.
Paper Structure (11 sections, 1 equation, 7 figures)

This paper contains 11 sections, 1 equation, 7 figures.

Table of Contents

  1. Introduction
  2. Related Work
  3. Deep Leakage from Gradients (DLG)
  4. Improved Deep Leakage from Gradients (iDLG)
  5. Other Relevant Attacks
  6. Threat Model
  7. Deep Leakage from Gradients with Feedback Blending (DLG-FB)
  8. Evaluation and Results
  9. Test Environment and Dataset
  10. Obtained Results
  11. Conclusion and Future Works

Figures (7)

  • Figure 1: DLG Algorithm zhu2019deep.
  • Figure 2: DLG-FB algorithm illustration.
  • Figure 3: Cumulative Number of Successful Reconstructed Image (CIFAR-100).
  • Figure 4: Cumulative Number of Successful Reconstructed Image (MNIST).
  • Figure 5: Mean Number of Iterations to Successful Image Reconstruction.
  • ...and 2 more figures